Middle East organisations use threat intelligence to shoot down cyber-attacks
Advanced cyber-attacks target confidential corporate data, business critical IP and valuable customer information
Advanced targeted attacks represent one of the biggest threats to organisations across the Middle East, according to a new report from Trend Micro Incorporated.
Confidential corporate data, business critical IP and valuable customer information are all potentially at risk from this new type of attack, the report said.
"Preventing exposure of these enterprise 'crown jewels' has become a major priority for IT and business leaders. One of the best ways of doing so is to build reliable threat intelligence so that expert teams can spot advanced threats early on and deal with them appropriately."
According to the report, after researching the organisation, attackers will begin the attack with a phishing email, hoping to trick an employee into clicking on a malicious link or downloading a malware-ridden attachment. Once inside the corporate network, the attacker will search for the assets they wish to steal. Such attacks can lie hidden for weeks, months or even years, exfiltrating data and sending it out to the attackers over time.
The report says that registry changes, file changes, event log entries, service changes and mutexes are all tell-tale signs of a breach, and that monitoring inbound and outbound traffic could yield indicators of compromise such as domains or IP addresses related to command and control (C&C) servers, or the use of unusual ports and protocols on critical systems.
Even though zero-day exploits and customised malware can be used in such attacks, organisations can still detect attacker activity by monitoring network traffic closely, because C&C protocols tend to remain relatively consistent. Trend Micro advises that threat intelligence programs are a vital tactic in spotting and blocking such attacks.
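The network-side checks described above can be sketched as a small triage routine. This is an added example, not code from the report or from Trend Micro. The flow record layout, the indicator lists, the per-host baseline and all addresses and hostnames are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Hypothetical flow record: one outbound connection seen at the network edge.
Flow = namedtuple("Flow", "src dst_ip dst_host dst_port proto")

# Constructed threat-intelligence indicators (documentation ranges and domains).
IOC_DOMAINS = {"c2.example.net"}
IOC_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Assumed baseline: outbound (protocol, port) pairs expected from each critical system.
BASELINE = {"10.0.5.10": {("tcp", 443), ("udp", 53)}}

def domain_matches(host, iocs):
    """True if host is an indicator domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def triage(flow):
    """Return the list of reasons a flow deserves analyst attention."""
    reasons = []
    if flow.dst_host and domain_matches(flow.dst_host, IOC_DOMAINS):
        reasons.append("ioc-domain")
    if any(ipaddress.ip_address(flow.dst_ip) in net for net in IOC_NETS):
        reasons.append("ioc-ip")
    # Unusual ports and protocols are only judged for hosts with a baseline,
    # i.e. the critical systems; other hosts are matched on indicators alone.
    allowed = BASELINE.get(flow.src)
    if allowed is not None and (flow.proto, flow.dst_port) not in allowed:
        reasons.append("unusual-port")
    return reasons

# Constructed sample flows.
FLOWS = [
    Flow("10.0.5.10", "198.51.100.7", "updates.example.org", 443, "tcp"),
    Flow("10.0.5.10", "203.0.113.44", "", 443, "tcp"),
    Flow("10.0.5.10", "198.51.100.9", "cdn.c2.example.net", 8443, "tcp"),
    Flow("10.0.9.20", "198.51.100.9", "notc2.example.net", 6667, "tcp"),
]

def alerts(flows):
    """Pair each suspicious flow with its reasons, dropping clean flows."""
    return [(f, r) for f in flows if (r := triage(f))]

if __name__ == "__main__":
    for flow, reasons in alerts(FLOWS):
        print(flow.src, "->", flow.dst_host or flow.dst_ip, flow.dst_port, reasons)
```

The last sample flow shows why the domain check matches on label boundaries: `notc2.example.net` merely ends with the indicator string and is not flagged.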